Adobe finds holes in Flash, Acrobat

Embattled Adobe has warned of a "critical" vulnerability in its Flash Player and Adobe Reader and Acrobat products that could be exploited by attackers wishing take control of your PC.

The company said there had been no reports (yet) of the vulnerabilities actually being exploited but an official patch is not yet available either.

The programs found to be vulnerable include: Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris. Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX are also vulnerable.

Adobe said its Flash Player 10.1 Release Candidate 7 does not seem to be vulnerable and that Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Since Adobe hasn't yet devised an official fix, it said users' best bet was to download the Flash Player 10.1 release candidate 7, available from this link and to make sure their Reader and Acrobat code are the latest versions.

Alternatively, the Acrobat and Reader holes can be plugged by "deleting, renaming, or removing access to the authplay.dll file" Adobe said. This is likely to cause Reader to fall over on opening a PDF file that contains SWF content, but may be preferable to becoming a vehicle for spammers or worse.

The Snafu could harldy have come at at worse time for Adobe, under attack as it is from Apple supremo Steve Jobs who has decided that Flash is a blight on the face of the Internet.